Code Search and Code Graph MCP Servers on FreeBSD: A 2026 Survey

Most code-aware agent tooling today falls into two buckets:

1. Search — grep/ripgrep over the working tree. Fast, low-context, misses cross-file relationships.
2. Graph — knowledge graph of symbols/calls/imports. Slow to build, high-context, makes agents "see" architecture rather than chase strings.

The bridge between them in 2026 is MCP servers that expose either flavour as tool calls to an agent runtime (Claude Code, Cursor, Antigravity, Codex, Windsurf, OpenCode). The agent doesn't ingest the whole repo — it asks the server "where is X called?" and gets a focused answer.

Five catalog corrections were made before publish; see §9 for the per-tool verdicts and the agents' raw evidence rows.

ripgrep-15.1.0_4              ; latest pkg is _6 (minor revbump only)
universal-ctags-p6.2.20260329.0  ; matches current quarterly
tree-sitter (binary)          ; devel/tree-sitter port, latest 0.26.9
tokei                         ; devel/tokei 14.0.0_4
neo4j-4.4.44_2                ; matches port — BUT 4.4 series is EOL upstream
openjdk21-21.0.10+7.1_1       ; matches exactly
py311-tree-sitter-0.20.4_1    ; matches; upstream is on 0.23+
scala-3.3.7                   ; matches (pulls openjdk25 transitively, not 21)

Two FreeBSD-specific gaps the original draft glossed over:

• Neo4j 4.4 is EOL upstream. The databases/neo4j port is pinned to the 4.4.x series; Neo4j itself is on 5.x (and 6.x exists). The CodeGraphContext install path assumes 5.x semantics (auth model, Cypher syntax, APOC bundling), so pursuing it on nexus would mean either running an unpatched EOL DB from pkg or installing 5.x from the upstream tarball outside the pkg system. Neither is great.
• semgrep has no port at all — not in devel/semgrep, not in security/semgrep. The pip install semgrep path the draft mentions works but pulls ~80 transitive Python deps and, on FreeBSD, sometimes has to build OCaml wheels from source because the precompiled wheels target Linux. Practical, but not "in pkg" in the spirit the rest of this list reads.

Everything else in the on-nexus list checks out against FreshPorts with the usual one- or two-revision lag that comes from installing during an upgrade window.

Rationale:

• GitNexus is the reference project that prompted the survey. It ships a complete claude-plugin (gitnexus-claude-plugin/), MCP config (.mcp.json), and skills (.claude/skills/gitnexus/). Even if we end up preferring something else, having it installed lets us read its skills and learn the pattern. Node monorepo, npm install -g gitnexus. The 16-tool claim (11 per-repo + 5 group/cross-repo) is verified against its README. License caveat: PolyForm-Noncommercial-1.0.0, so commercial use would need a separate licence — fine for personal research, worth knowing.
• probe is the closest "ripgrep with brains" option. Rust, built-in MCP, no Docker, no JVM, no Neo4j. Pure local search with AST awareness. Fastest path to "agent has a smarter grep". cargo build, or the upstream-recommended npx @probelabs/probe.

Skipped for now:

• mcp-ripgrep: too thin — agents already get Grep built into Claude Code; an MCP wrapper adds nothing the existing tool doesn't give us. Also ~14 months since last push.
• CodeGraphContext: requires standing up a Neo4j instance and embeddings infra. Worth it once we have agents asking real architectural questions, premature now — and gated on the Neo4j 5.x story above.
• ast-grep: parallel-tracks probe (both Rust + tree-sitter). Pick one to learn first; probe wins because its MCP is built in, not a separate wrapper.
• Joern path (codebadger / mcp-joern): heavy. Push to hydra sandbox per nexus operator model — nexus shouldn't run container workloads.
• Sourcegraph MCP: hosted MCP is sales-gated (Enterprise), the SRC_ACCESS_TOKEN path applies to self-hosted Sourcegraph instances. Save for repos already on Sourcegraph Enterprise.
• wrale/mcp-server-tree-sitter: archived 2026-05-21. Not a runner.

1. How does an MCP-served code graph compare to an embeddings-served one in agent recall? GitNexus has both modes; CodeGraphContext is pure graph. Worth a side-by-side on the same repo — gated on the Neo4j 5.x question for the CGC half.
2. Can multiple MCP servers coexist cleanly in ~/.claude/settings.json without tool-name collisions? (search is going to be claimed by somebody.)
3. Does the JVM-based Joern path actually pay off for security-focused review, or is semgrep's pattern lint enough? The semgrep path is itself pip-only on FreeBSD, so neither is friction-free.
4. Cross-repo group queries (GitNexus's pitch) are the interesting ask — most tools above only index one repo at a time. Worth benchmarking.

• GitNexus — reference project; lighthouse for "code graph as agent tool"
• probe — Rust, built-in MCP (also @probelabs/probe on npm)
• ast-grep — structural search; official MCP at ast-grep/ast-grep-mcp
• semgrep MCP (in-tree) — moved here after semgrep/mcp was archived 2025-10-28
• CodeGraphContext — Neo4j-backed code graph MCP (needs 5.x)
• codebase-memory-mcp — C/C++ binary, 158 langs
• code-graph-mcp (sdsrss) — Rust AST KG with HTTP route tracing
• wrale/mcp-server-tree-sitter — generic tree-sitter MCP (archived)
• codebadger — Joern CPG MCP, ICSE 2026 workshop, GPL-3.0
• mcp-joern — Joern MCP, lighter
• mcp-ripgrep — thin rg wrapper (stale)
• Sourcegraph MCP — hosted, Enterprise-gated
• FreshPorts: ripgrep | FreshPorts: neo4j | FreshPorts: py-tree-sitter

Cataloged 2026-06-24 by claude-agent on nexus, day-of after the 15.0→15.1 upgrade window closed. Survey scoped to "what can a FreeBSD operator host run without leaning on Docker" — a real constraint, not a purity flex. The Joern/Docker exclusion is operational (nexus is read-only ops; container workloads belong on hydra), not a judgement on the tools themselves.

Two parallel verification sub-agents (a719 for upstream repo + MCP claims; aacb for FreeBSD ports availability) ran before publish and corrected five factual errors in the original catalog table. Their raw verdicts are in §9 below.

Next action: install GitNexus + probe per §5, capture install notes, then write the wal.sh follow-up post on the side-by-side benchmark question.

Per-tool verdicts from the upstream-claims verification pass (agent a719). The line format matches the property-drawer convention used elsewhere in the corpus.

TOOL: mcp-ripgrep        ACTIVE: 2025-04-29 (~14mo stale, not archived)
TOOL: ast-grep           MCP: official ast-grep/ast-grep-mcp (424★) + ~8 community
TOOL: semgrep mcp        ACTIVE: standalone repo ARCHIVED 2025-10-28; in-tree fork active
TOOL: probe              ACTIVE: 2026-06-12; upstream recommends npm not cargo
TOOL: CodeGraphContext   ACTIVE: 2026-06-12; matches catalog
TOOL: codebase-memory-mcp LANG: WRONG — C/C++ (31MB C, 7.8KB Go), not Go
TOOL: code-graph-mcp     LANG: WRONG — Rust (Cargo.toml/src/), not Python
TOOL: wrale/mcp-server-tree-sitter   ACTIVE: ARCHIVED, last push 2026-05-21
TOOL: GitNexus           LICENSE: PolyForm-Noncommercial-1.0.0 (not OSS)
TOOL: Sourcegraph MCP    AUTH: Enterprise / sales-gated; no public install docs
TOOL: codebadger         PAPER: ICSE 2026 workshop verified; GPL-3.0
TOOL: mcp-joern          ACTIVE: 2026-04-17 (~2mo stale); accurate as catalogued

FreeBSD-pkg pass (agent aacb) cross-referenced every entry in the "already on nexus" list against FreshPorts. Two flags carried forward into the main text:

• databases/neo4j is pinned at 4.4.x (EOL upstream).
• No devel/semgrep or security/semgrep port; semgrep is pip-only, with an OCaml wheel that sometimes builds from source on FreeBSD.

Three secondary findings recorded but not promoted to the main text because they don't change the install plan:

• py-tree-sitter port is on 0.20.4, upstream is 0.23+; may matter for newer grammar packs.
• lang/scala 3.3.7 pulls openjdk25 as a transitive dep, not 21.
• FreeBSD default python still points at 3.9 via the meta-port; the catalog's py311- prefixes are correct and necessary.